The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2017-4030 Related Report None Severity HIGH Exploit Difficulty EASY Platform Affects all platforms supported by the vulnerable versions. Description Legal. Accidental loss of copyright and ownership-related metadata for some image-type attachments. Does not affect Lite versions.
Discovered August 17, 2017 Resolved September 24, 2017 Patches Available 4.0.19 Patch Level 2
4.0.18 Patch Level 3
4.0.17 Patch Level 5
4.0.16 Patch Level 6
4.0.15 Patch Level 10
Workaround In the Wiki Admin Panel, go to Content > Attachments, and modify each image file-type so that they are not treated as images. Non-image files are not affected by the issue.
NotesIt is worth noting that neither vBulletin nor XenForo developers consider metadata preservation issues as bugs.
Categories: XSS:4.0.0, XSS:4.0.0 Alpha 1, XSS:4.0.0 Alpha 2, XSS:4.0.0 Alpha 3, XSS:4.0.0 Alpha 4, XSS:4.0.0 Alpha 5, XSS:4.0.0 Alpha 6, XSS:4.0.0 Alpha 7, XSS:4.0.0 Beta 1, XSS:4.0.0 Beta 2, XSS:4.0.0 Beta 3, XSS:4.0.0 Beta 4, XSS:4.0.0 Beta 5, XSS:4.0.0 Beta 6, XSS:4.0.0 Beta 7, XSS:4.0.0 Gamma 1, XSS:4.0.0 Gamma 2, XSS:4.0.0 Gamma 3, XSS:4.0.0 Gamma 4, XSS:4.0.0 Gamma 5, XSS:4.0.0 Gamma 6, XSS:4.0.0 Gamma 7, XSS:4.0.0 Patch Level 1, XSS:4.0.0 Patch Level 2, XSS:4.0.0 Patch Level 3, More…